author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-03-11 15:42:01 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-03-11 15:42:01 +0000 |
commit | 4f14063dcffe203b68d1456c28b11d33acb6326d (patch) | |
tree | 3bb7032df69bd634afca8d0a17283bf5522f72be | |
parent | d17fe6bfce3ff90d38ae641715d07a68ab171be6 (diff) | |
[Feature] Improve dkim part in configwizard
-rw-r--r-- | lualib/rspamadm/configwizard.lua | 90 |
1 files changed, 87 insertions, 3 deletions
diff --git a/lualib/rspamadm/configwizard.lua b/lualib/rspamadm/configwizard.lua index 75fdb96aa..5949dceb4 100644 --- a/lualib/rspamadm/configwizard.lua +++ b/lualib/rspamadm/configwizard.lua @@ -23,6 +23,7 @@ local lua_stat_tools = require "lua_stat" local lua_redis = require "lua_redis" local ucl = require "ucl" local argparse = require "argparse" +local fun = require "fun" local plugins_stat = require "plugins_stats" @@ -51,7 +52,9 @@ parser:argument "checks" local redis_params local function printf(fmt, ...) - io.write(string.format(fmt, ...)) + if fmt then + io.write(string.format(fmt, ...)) + end io.write('\n') end 
@@ -264,6 +267,70 @@ local function setup_dkim_signing(cfg, changes) return string.sub(path, 1, string.len(path) - 1) end + printf('How would you like to set up DKIM signing?') + printf('1. Use domain from %s for sign', highlight('mime from header')) + printf('2. Use domain from %s for sign', highlight('SMTP envelope from')) + printf('3. Use domain from %s for sign', highlight('authenticated user')) + printf('4. Sign all mail from %s', highlight('specific networks')) + printf() + + local sign_type = readline_default('Enter your choice (1, 2, 3, 4) [default: 1]: ', '1') + local sign_networks + local allow_mismatch + local auth_only + local use_esld + local sign_domain + + local defined_auth_types = {'header', 'envelope', 'auth', 'recipient'} + + if sign_type == '4' then + repeat + sign_networks = readline_default('Enter list of networks to perform dkim signing: ', + '') + until #sign_networks ~= 0 + + sign_networks = fun.totable(fun.map(lua_util.rspamd_str_trim, + lua_util.str_split(sign_networks, ',; '))) + printf('What domain would you like to use for signing?') + printf('* %s to use mime from domain', highlight('header')) + printf('* %s to use SMTP from domain', highlight('envelope')) + printf('* %s to use domain from SMTP auth', highlight('auth')) + printf('* %s to use domain from SMTP recipient', highlight('recipient')) + printf('* anything else to use as a %s domain (e.g. `example.com`)', highlight('static')) + printf() + + sign_domain = readline_default('Enter your choice [default: header]: ', 'header') + else + if sign_type == '1' then + sign_domain = 'header' + elseif sign_domain == '2' then + sign_domain = 'envelope' + else + sign_domain = 'auth' + end + end + + if sign_type ~= '3' then + auth_only = ask_yes_no( + string.format('Do you want to sign mail from %s only? 
', + highlight('authenticated users')), true) + else + auth_only = true + end + + if fun.any(function(s) return s == sign_domain end, defined_auth_types) then + -- Allow mismatch + allow_mismatch = ask_yes_no( + string.format('Allow data %s, e.g. if mime from domain is not equal to authenticated user domain? ', + highlight('mismatch')), true) + -- ESLD check + use_esld = ask_yes_no( + string.format('Do you want to use %s domain (e.g. example.com instead of foo.example.com)? ', + highlight('effective')), true) + else + allow_mismatch = true + end + local domains = {} local has_domains = false @@ -281,12 +348,12 @@ local function setup_dkim_signing(cfg, changes) end local function print_domains() - print("Domains configured:") + printf("Domains configured:") for k,v in pairs(domains) do printf("Domain: %s, selector: %s, privkey: %s", highlight(k), v.selector, v.privkey) end - print("--") + printf("--") end repeat @@ -333,6 +400,23 @@ local function setup_dkim_signing(cfg, changes) until not ask_yes_no("Do you wish to add another DKIM domain?") changes.l['dkim_signing.conf'] = {domain = domains} + local res_tbl = changes.l['dkim_signing.conf'] + + if sign_networks then + res_tbl.sign_networks = sign_networks + res_tbl.use_domain_sign_networks = sign_domain + else + res_tbl.use_domain = sign_domain + end + + if allow_mismatch then + res_tbl.allow_hdrfrom_mismatch = true + res_tbl.allow_hdrfrom_mismatch_sign_networks = true + res_tbl.allow_username_mismatch = true + end + + res_tbl.use_esld = use_esld + res_tbl.auth_only = auth_only end local function check_redis_classifier(cls, changes) |
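Review bot: In the non-network branch the second test reads `elseif sign_domain == '2' then`, but `sign_domain` has not been assigned at that point, so choice 2 (SMTP envelope from) can never match and falls through to `sign_domain = 'auth'`; the condition should be `elseif sign_type == '2' then`. The same `else` maps any unrecognised answer to `auth`, so a typo at the prompt silently selects a signing policy the operator did not choose; re-prompting until `sign_type` is one of 1–4 would make that visible. For choice 4 the entered networks are only split and trimmed before being stored, so a malformed or overly broad entry reaches the signing configuration unchecked, and a validity check or at least an echo of the parsed list for confirmation would help. `setup_dkim_signing` begins and ends outside this hunk.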
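Review bot: The single "allow mismatch" answer is expanded here into three settings, `allow_hdrfrom_mismatch`, `allow_hdrfrom_mismatch_sign_networks` and `allow_username_mismatch`, although the prompt earlier in the function only describes the mime-from versus authenticated-user case, defaults to yes, and is forced to true for a static domain. Since these flags relax the checks that tie the signing domain to the sender, I would set only the ones relevant to the chosen mode and write the answer explicitly, e.g. `res_tbl.allow_username_mismatch = allow_mismatch`, rather than leaving the "no" case to whatever the module defaults are. `res_tbl.use_esld = use_esld` also assigns nil when the static-domain path skipped the question, which presumably falls back to the module default; a short comment saying so would help. `setup_dkim_signing` starts outside this hunk.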